Keybase proof
I hereby claim:
- I am pe3zx on github.
- I am pe3z (https://keybase.io/pe3z) on keybase.
- I have a public key ASAU2yKbpXrwC7sNTh3-BoTC9V9qgbdHXH_LIVbhIf_rcQo
To claim this, I am signing this object:
import requests | |
import json | |
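# ======== config ========
# MISP API key. Empty in the published script: supply the real value at run
# time (environment variable, secrets manager, or a local file kept out of
# version control) rather than committing it here.
auth_key = ""
# MISP host name only; no scheme is given.
# NOTE(review): presumably the scheme is prepended where the request is built,
# outside this excerpt. Confirm that it is https:// and that certificate
# verification stays enabled, since the API key travels with every request.
url = "misp.test.local"
# ========================
# NOTE(review): starts empty; how it is filled is not visible in this excerpt.
data = []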
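# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server.
# NOTE(review): the incoming header is client-controlled unless a trusted
# front proxy sets or strips it. If this server is directly reachable, a
# client can claim "https" over a plain-HTTP connection, and a backend that
# relies on the value for redirects or secure-cookie decisions is misled.
# Pass the header through only when such a front proxy is in place.
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
    default $http_x_forwarded_proto;
    ''      $scheme;
}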
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the | |
# server port the client connected to | |
map $http_x_forwarded_port $proxy_x_forwarded_port { | |
default $http_x_forwarded_port; |
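# Snapshot of every variable visible when this line runs. Take it before the
# code under inspection executes, so that anything created later stands out.
$AutomaticVariables = Get-Variable

function cmpv {
    <#
    .SYNOPSIS
    List the variables whose names differ from the $AutomaticVariables snapshot.

    .DESCRIPTION
    Compares the current Get-Variable output with the snapshot by Name and
    passes the differing variable objects through. Compare-Object reports
    differences from both sides, so a variable removed since the snapshot is
    listed as well. The snapshot variable itself is filtered out.
    #>
    Compare-Object (Get-Variable) $AutomaticVariables -Property Name -PassThru |
        Where-Object -Property Name -ne "AutomaticVariables"
}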
{ | |
"name": "MAZE Group 1", | |
"version": "2.2", | |
"domain": "mitre-enterprise", | |
"description": "", | |
"filters": { | |
"stages": [ | |
"act" | |
], | |
"platforms": [ |
// any Office document with macros. | |
rule macro_hunter | |
{ | |
strings: | |
$ole_marker = {D0 CF 11 E0 A1 B1 1A E1} | |
$macro_sheet_h1 = {85 00 ?? ?? ?? ?? ?? ?? 01 01} | |
$macro_sheet_h2 = {85 00 ?? ?? ?? ?? ?? ?? 02 01} | |
condition: | |
new_file and ( | |
tags contains "macros" or ( |
rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!! | |
rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference | |
rem NOTE(review): every change below is written under
rem HKLM\Software\Policies\Microsoft\Windows Defender. reg.exe writes to that
rem key are a standard detection signal for security-tool tampering
rem (MITRE ATT&CK T1562.001), so a host where this is run deliberately will
rem raise alerts, and the same command lines seen elsewhere warrant triage.
rem To also disable Windows Defender Security Center include this | |
rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f | |
rem 1 - Disable Real-time protection | |
rem NOTE(review): the delete below removes the whole policy key first,
rem including values that Group Policy may have placed there; no backup or
rem export step appears in the lines visible here.
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f | |
rem NOTE(review): Microsoft documents DisableAntiSpyware as ignored on current
rem Windows client builds, and with Tamper Protection enabled Defender is
rem documented to disregard registry attempts to turn off real-time protection
rem and behaviour monitoring - confirm against the OS build in question.
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f | |
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f | |
rem MpEnablePus = 0 turns off potentially-unwanted-software detection.
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f | |
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f |
import sys | |
import binascii | |
import struct | |
from ctypes import Union, Structure, c_int, c_long, c_ushort, c_uint, c_short | |
from collections import namedtuple | |
from pprint import pprint | |
# struct timestamp_entry { | |
# unsigned short version; /* version number */ | |
# unsigned short size; /* entry size */ |
<VirtualHost *:443> | |
ServerName misp.local | |
DocumentRoot /var/www/MISP/app/webroot | |
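<Directory /var/www/MISP/app/webroot>
    # No automatic directory listings.
    Options -Indexes
    # .htaccess files under the webroot may override every directive class.
    # NOTE(review): presumably required for the application's rewrite rules;
    # if those can live in this vhost instead, a narrower AllowOverride limits
    # what a file written into the webroot is able to change.
    AllowOverride all
    # Apache 2.2 access-control syntax. On 2.4 these two lines work only
    # through mod_access_compat; the native form is "Require all granted".
    Order allow,deny
    allow from all
</Directory>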
I hereby claim:
To claim this, I am signing this object: